package com.xsl.oauth2.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * 资源服务器
 */
@EnableResourceServer
@Configuration
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

//    @Override
//    public void configure(ResourceServerSecurityConfigurer resources) {
//        //resourceId 用于分配给可授予的clientId
//        //stateless  标记以指示在这些资源上仅允许基于令牌的身份验证
//        //tokenStore token的存储方式（上一章节提到）
//        resources.resourceId(RESOURCE_ID).stateless(true).tokenStore(tokenStore)
//                //authenticationEntryPoint  认证异常流程处理返回
//                //tokenExtractor            token获取方式,默认BearerTokenExtractor
//                //                         从header获取token为空则从request.getParameter("access_token")
//                .authenticationEntryPoint(authenticationEntryPoint).tokenExtractor(unicomTokenExtractor);
//
//    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/order/**").access("#oauth2.hasScope('test1')")
                .antMatchers("/user/**").access("#oauth2.hasScope('test2')");
    }
}
